cipherdyne.org

29 July, 2005

The 0.9.1 release of fwknop is ready for download. Here is an excerpt from the ChangeLog:

• Added the ability to specify multiple ports/protocols to access on a server with the --Access command line option.
• Added the ability to spoof SPA packets over icmp and tcp protocols.
• Added the ability to restrict access at the server to only those ports defined in the OPEN_PORTS keyword. This option is controled by a new keyword "PERMIT_CLIENT_PORTS".
• Bugfix for MD5 sum not being properly calculated over decrypted data. This allowed old packets that contained additional garbage data to be replayed against an fwknop server.
• Updated to fall back to getpwuid() if getlogin() fails (Blair Zajac).
• Added --ipt-list to list all current rules in the FWKNOP Netfilter chains.
• Added --ipt-flush to flush all current rules in the FWKNOP Netfilter chains.
• Bugfix for the installer dying if ~/lib already exists (Blair Zajac).
• Updated to delay the loading of server perl modules (Net::Pcap, etc.) only if we are running in server mode.
• Bugfix for module directory paths in install.pl.